
Assess Vendor Risk and Due Diligence

Learn how to assess vendor risk, map risks, review Risk Pulse insights, and complete vendor due diligence in Sprinto.

Sprinto enables you to assess vendor risk through configurable risk scoring, risk mapping, Risk Pulse insights, and guided due diligence workflows.

These workflows help organisations:

  • Identify high-risk vendors

  • Understand vendor security posture

  • Map operational and compliance risks

  • Perform due diligence reviews

  • Maintain audit-ready evidence

Vendor risk assessment combines:

  • Manual risk classification

  • Risk mapping

  • Sprinto Risk Pulse analysis

  • Due diligence review workflows


How it Works

Access a Vendor

  1. Log in to the Sprinto dashboard.

  2. Navigate to Data Library.

  3. Select Vendors.

  4. Open the All vendors tab.

  5. Select the vendor you want to assess.


Open the Risk Tab

Inside the vendor profile:

  1. Navigate to the Risk tab.

You will now see two sections:

  • Your classification

  • Sprinto’s risk pulse


Key Behaviours and Limits

  • Sprinto automatically calculates the vendor risk score from configured risk factors.

  • Any Add value action opens the full scoring drawer containing all risk factors.

  • Risk mappings can be edited at any time.

  • Risk Pulse is continuously monitored and updated automatically.

  • High-risk vendors may require due diligence workflows depending on configuration.


Use Cases

Use Case               Description
Vendor onboarding      Assess vendor risk before onboarding
Risk governance        Classify vendor risks using organisational scoring models
Risk mapping           Associate vendors with operational or compliance risks
Compliance reviews     Review vendor posture during audits and assessments
Continuous monitoring  Use Risk Pulse to monitor vendor security posture


Dashboard Actions

Score Vendor Risk

Sprinto calculates vendor risk using configured risk factors.

Add Risk Factor Values

  1. Open the vendor profile.

  2. Go to the Risk tab.

  3. Under Your classification, locate the required risk factor.

  4. Click Add value.

A drawer opens containing all configured risk factors.


Configure Risk Factors

Inside the drawer:

  1. Expand each risk factor section.

  2. Select the required value or response.

  3. Continue until all mandatory risk factors are completed.

Examples include:

  • Access rights

  • Personal and sensitive data

  • Data location and handling

  • Data retention

  • Vendor tier

  • Operational impact

Sprinto automatically calculates:

  • Risk scores per factor

  • Total vendor risk score

  • Auto-computed risk level
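The scoring steps above (a response per factor, a score per factor, a total, and an auto-computed level that decides whether due diligence is needed) can be illustrated with a small model. The following is an added example, not Sprinto's code or its actual scoring algorithm: the factor catalogue, option scores, weights and level thresholds are all constructed assumptions, and only the factor names are taken from this page.

```python
"""Illustrative vendor risk scoring model (constructed example, not Sprinto's
actual algorithm). Each configured risk factor maps the selected response to a
base score; the vendor total is the sum of weighted factor scores, and the
risk level is derived from configurable thresholds."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskFactor:
    name: str
    options: dict[str, int]   # response -> base score (hypothetical 0..5 scale)
    weight: float = 1.0       # hypothetical weight applied to the base score
    mandatory: bool = True    # must be answered before the vendor can be scored


# Hypothetical factor catalogue; the names mirror the factors listed on the page,
# the responses, scores and weights are assumptions for this example.
FACTORS = [
    RiskFactor("Access rights",
               {"No access": 0, "Read-only": 2, "Read/write": 4, "Admin": 5}, weight=1.5),
    RiskFactor("Personal and sensitive data",
               {"None": 0, "Personal data": 3, "Sensitive data": 5}, weight=2.0),
    RiskFactor("Data location and handling",
               {"In-region, encrypted": 1, "Cross-border, encrypted": 3, "Unknown": 5}),
    RiskFactor("Data retention",
               {"Deleted on termination": 1, "Retained up to 1 year": 3, "Indefinite": 5}),
    RiskFactor("Vendor tier",
               {"Tier 3 (peripheral)": 1, "Tier 2": 3, "Tier 1 (critical)": 5}, weight=1.5),
    RiskFactor("Operational impact",
               {"Low": 1, "Medium": 3, "High": 5}, mandatory=False),
]

# Hypothetical thresholds: the level is the highest threshold the total reaches.
LEVELS = [(0.0, "Low"), (15.0, "Medium"), (30.0, "High")]
DUE_DILIGENCE_LEVELS = {"High"}   # assumption: only high-risk vendors need due diligence


def missing_mandatory(responses: dict[str, str]) -> list[str]:
    """Names of mandatory factors that have no response yet."""
    return [f.name for f in FACTORS if f.mandatory and f.name not in responses]


def risk_level(total: float) -> str:
    level = LEVELS[0][1]
    for threshold, name in LEVELS:
        if total >= threshold:
            level = name
    return level


def score_vendor(responses: dict[str, str]) -> dict:
    """Score per factor, total score, auto-computed level and due diligence flag.

    Raises ValueError if a mandatory factor is unanswered or a response is not
    one of the configured options, so an incomplete drawer cannot be saved."""
    missing = missing_mandatory(responses)
    if missing:
        raise ValueError(f"mandatory risk factors not completed: {missing}")
    factor_scores: dict[str, float] = {}
    for factor in FACTORS:
        if factor.name not in responses:
            continue  # optional factor left blank contributes nothing
        response = responses[factor.name]
        if response not in factor.options:
            raise ValueError(f"unknown response {response!r} for {factor.name!r}")
        factor_scores[factor.name] = factor.options[response] * factor.weight
    total = sum(factor_scores.values())
    level = risk_level(total)
    return {
        "factor_scores": factor_scores,
        "total": total,
        "level": level,
        "due_diligence_required": level in DUE_DILIGENCE_LEVELS,
    }


# Constructed sample vendors used to exercise the model.
EXAMPLE_HIGH_RISK = {
    "Access rights": "Admin",
    "Personal and sensitive data": "Sensitive data",
    "Data location and handling": "Cross-border, encrypted",
    "Data retention": "Retained up to 1 year",
    "Vendor tier": "Tier 1 (critical)",
    "Operational impact": "High",
}
EXAMPLE_LOW_RISK = {
    "Access rights": "Read-only",
    "Personal and sensitive data": "None",
    "Data location and handling": "In-region, encrypted",
    "Data retention": "Deleted on termination",
    "Vendor tier": "Tier 3 (peripheral)",
    "Operational impact": "Low",
}

if __name__ == "__main__":
    for label, vendor in (("high-risk vendor", EXAMPLE_HIGH_RISK), ("low-risk vendor", EXAMPLE_LOW_RISK)):
        result = score_vendor(vendor)
        print(f"{label}: total={result['total']} level={result['level']} "
              f"due_diligence={result['due_diligence_required']}")
```

Keeping the thresholds and weights in data rather than in code is what makes the model "configurable" in the sense the page uses: an organisation can tighten a weight or lower the High threshold without touching the scoring logic, and the mandatory check mirrors the drawer refusing to save until every required factor has a value.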


Save Risk Scoring

After configuring all required values:

  1. Click Save changes.

The vendor risk score is updated.


Edit Existing Risk Scores

To modify existing scores:

  1. Go to the Risk tab.

  2. Click the Edit icon next to any scored risk factor.

  3. Click Save changes after configuring all required values.

The scoring drawer opens again and allows you to:

  • Modify factor values

  • Recalculate vendor scores


Map Risks to a Vendor

You can associate risks from the risk register with a vendor.

Add Risk Mapping

  1. Go to the Risk tab.

  2. Under Map risks to vendor, click Add risks.

A drawer opens showing:

  • Risk categories

  • Available risks

  • Search functionality


Select Risks

  1. Select a risk category.

  2. Search or browse available risks.

  3. Select the required risks using the checkboxes.

Selected risks appear in:

  • Selected risks for mapping


Save Risk Mapping

  1. Click Save mapping.

Mapped risks now appear under:

  • Mapped risks to vendor


Edit Risk Mapping

To modify mappings:

  1. Click Edit in the mapped risks section.

  2. Add or remove risks as required.

  3. Click Save mapping to save the changes.


Review Sprinto Risk Pulse

Sprinto Risk Pulse provides continuously monitored vendor posture insights.

Access Risk Pulse

  1. Open the vendor profile.

  2. Navigate to the Risk tab.

  3. Open Sprinto’s risk pulse.

Risk Pulse combines:

  • Security signals

  • Compliance posture

  • Operational indicators

  • Continuously monitored risk data


Review Compliance and Certifications

Risk Pulse displays:

  • Compliance certifications

  • Security posture indicators

  • Regulatory alignment

  • Operational signals

Examples include:

  • SOC 2 Type II

  • ISO 27001

  • ISO 27701

  • ISO 42001

  • GDPR

  • HIPAA

  • CCPA / CPRA

  • EU AI Act

  • DPA availability

Sprinto also calculates:

  • Risk Pulse score

  • Associated risk level


Perform Vendor Due Diligence

Due diligence is generally required for high-risk vendors.

Start Due Diligence

  1. Open the vendor profile.

  2. Go to the Due diligence tab.

  3. Click Perform due diligence.


Upload Security Documents

  1. Click Choose documents to select the documents to upload.

You can:

  • Upload compliance reports

  • Request documents from vendors

  • Review uploaded evidence

Examples include:

  • SOC reports

  • ISO certifications

  • Security assessments

  • DPA documents

  2. Click Save to save your configuration.


Complete Due Diligence

Under Review vendor documents and complete due diligence:

Select either:

  • Vendor meets necessary security requirements

  • Manually review vendor documents and add notes

If manually reviewing:

  • Add findings or review notes

Once complete:

  1. Click Complete due diligence.


Summary

Sprinto enables organisations to assess vendor risk through configurable scoring models, mapped risks, Risk Pulse analysis, and due diligence workflows.

Together, these features help organisations:

  • Understand vendor security posture

  • Identify high-risk vendors

  • Maintain audit-ready evidence

  • Continuously monitor third-party risk exposure
